Malware and other malicious processes can be very harmful on a network. Given the amount of data, packet flows, and processes running on a network, it can be very difficult to detect malware and malicious events. Some types of malicious events, while very harmful to the network, can be extremely difficult to detect. For example, malicious command-in-control processes can be very difficult to identify particularly when hidden. This can be complicated by the fact that certain commands, while inherently dubious, may be triggered accidentally or by fluke without any necessary malicious intent.